In the context of IT security, many end user devices, including desktop computers, tablet computers, smart-phones, laptop computers, portable hard disk drives, USB flash drives and various other mobile devices, as well as servers, process and exchange large amounts of information in wired as well as wireless environments. Some of this information is highly sensitive, such as private personal information and proprietary corporate information. Information that can benefit a user or organization can also be used against the user or the organization if it falls into the wrong hands. Industrial espionage agents among highly competitive businesses are resorting to electronic means to steal corporate information.
Encryption is the most pervasive solution for providing data confidentiality. Most data encryption software products install and store the encryption key, which is used to encrypt and protect the data, inside the same device where the data is stored. If the device is lost or hacked, both the encrypted data and the encryption key fall into the same hands and data security is compromised accordingly.
Using an external portable token, physically separated from the device storing the data, to store the encryption key for encrypting and accessing secured data, for example, from a virtual secure disk, is a preferred approach to securing sensitive data on a host computer, as it separates the encryption key from the encrypted data. The communication link between the token and the host computer can be via any communication module or media such as radio frequency (RF) channels, or wired connections. The external portable token can be any peripheral device such as a USB flash drive, a mobile phone or even another computer. The host computer can be any computing machine such as a server, a desktop computer, a portable computer or a smart-phone. The host computer can contain a data security manager (DSM).
A password protection mechanism is incorporated together with the token to prevent unauthorized usage of the token. As an example, a user requesting to access the secured data is prompted to plug in his token and key in his password. The correctness of the password is checked. If the password is correct, the token (and hence the user) is allowed to access the secured data. A user is allowed access to the secure data only if the token is plugged in and the login password is correct. Data are encrypted using, for example, a symmetric key encryption algorithm.
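The token-and-password arrangement described above can be modelled in a few lines. This is an added example, not code from the original document: the names `Token`, `seal`, `unseal` and `host_read` are hypothetical, and the HMAC-based cipher is a standard-library stand-in for a real symmetric algorithm such as AES-GCM.

```python
import hashlib, hmac, os

class Token:
    """Models the external token: it alone stores the data key (assumed design)."""
    def __init__(self, password: str):
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)   # password check value, not the password
        self._data_key = os.urandom(32)           # never written to the host

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 200_000)

    def release_key(self, password: str) -> bytes:
        # Constant-time comparison; the key leaves the token only on a match.
        if not hmac.compare_digest(self._derive(password), self._verifier):
            raise PermissionError("wrong password")
        return self._data_key

def _subkeys(key: bytes):
    # Separate keys for encryption and integrity, derived from the data key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; the returned blob is all the host ever stores."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(enc_key, nonce, ct)

def host_read(token, password: str, blob: bytes) -> bytes:
    """Host side: access needs both the plugged-in token and the correct password."""
    if token is None:
        raise PermissionError("token not plugged in")
    return unseal(token.release_key(password), blob)
```

A host that is lost or compromised holds only the sealed blob; without the token and its password there is no key on the device to recover.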
While the above approach can secure sensitive data on a host computer, a problem exists in that a retail user in a consumer environment may forget his password associated with the portable token. While the password typically can be re-set by the manufacturer of the portable token, this approach does not offer a satisfactory solution because whenever a second party is involved in any security process, the chance of a security leakage becomes real. Similar problems also exist when the token is damaged, lost or stolen.
Embodiments of the present invention seek to provide a self-authentication system, device and method, preferably a self-authentication and recovery system, device and method, that enable the user or data owner to support themselves when such problems arise, without involving others.